users@glassfish.java.net

[gf-users] need info on authorization

From: Mahantesh Prasad Katti <Mahantesh.Katti_at_Indecomm.net>
Date: Thu, 7 Jul 2016 04:20:47 +0000

Hi All,

Currently this is how the authorization works in our application.


1. Uses JAAS

2. Uses LDAP realm.

3. Group memberships are on LDAP server. These are fetched post successful login.

4. We have a role-name --> group-name mapping specified in glassfish-web.xml.



I believe this is how authorization fundamentally works in J2EE. However, there is currently a requirement where LDAP will not send back the group information. LDAP will only be used for authentication. In such a scenario, is it possible to delink the current mapping between LDAP groups and application roles? If not, what are the options available? I know some that I can list.



a. Define a custom LDAP realm.

b. I also read something about "default principal to role mapping" feature. I was wondering if this helps at all assuming no group information is retrieved from LDAP?

c. Is it possible at all to work without groups while using JAAS as the authentication scheme?

Regards,
Prasad
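Added example (not from the original post): what the two kinds of mapping look like in a glassfish-web.xml. The first block is the group-based mapping the post describes; the second uses the role-to-principal mapping that GlassFish's security-role-mapping element also supports, which is one way to keep using the LDAP realm for authentication when it returns no group memberships (question c). The role name "manager", the group "app-managers" and the users "alice" and "bob" are assumed names chosen for the example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC
  "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN"
  "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app>

  <!-- Current setup: the role "manager" (declared in web.xml) is granted to
       every principal whose LDAP group memberships include "app-managers".
       This only works when the realm returns group information. -->
  <security-role-mapping>
    <role-name>manager</role-name>
    <group-name>app-managers</group-name>
  </security-role-mapping>

  <!-- Alternative when LDAP only authenticates: grant the role directly to
       named principals (user names as returned by the realm). "alice" and
       "bob" are hypothetical accounts used for this example. -->
  <security-role-mapping>
    <role-name>manager</role-name>
    <principal-name>alice</principal-name>
    <principal-name>bob</principal-name>
  </security-role-mapping>

</glassfish-web-app>
```

Two points worth keeping in mind with the second form: the list of principals now lives in a deployment descriptor, so every change in who holds a role means a redeploy and the descriptor becomes an access-control artifact that has to be reviewed like the LDAP groups were; and the "default principal to role mapping" setting mentioned in question (b) maps each role name onto a group of the same name, so it still depends on group information coming back from the realm and does not by itself remove the group dependency.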